British Government Can Force Encryption Removal
https://sp-security.blogspot.com/2017/04/british-government-can-force-encryption.html
The
UK government has the right to compel tech firms to remove end-to-end
encryption. However, it is avoiding using existing legislation, because
this move is likely to force it into a battle it would eventually lose.
We are talking about the Investigatory Powers Act, which came into
effect in the end of 2016 and enables the government to force
communications providers to remove electronic protection applied to any
communications or information.
Indeed,
the Open Rights Group reiterates that the existing legislation already
allows the UK government to force such cooperation, but using it would
lead the government into an argument it will lose, because it will never
coerce the global open-source community to comply, for instance. In
fact, government time and money would be better spent elsewhere. The
Open Rights Group also believes that actually attempting to enforce the
law as it stands would require an “illiberal and misconceived” business
case to be thrust upon communications providers to force them to
undermine their own security technologies. As a result, users would flee
a less secure, less competitive platforms and move to other services
with less cordial government relationships.
Security experts say that any attempt to use such powers would be bound to introduce major security vulnerabilities, because banning encryption in order to get to the communications of a select few opens access to the communications of many, thus rendering all the Internet users less secure and their lives less private. The matter is that if the developers build a backdoor for the government, the hackers will eventually find a way to break through it as well.
It must also be said that in the initial draft of the new investigatory powers bill, there is only limitation to the government’s power to force the removal of encryption – it must consult with an advisory board with any specific obligation that is “reasonable” and “practicable”. Moreover, the technical capability notice can even be issued to individuals outside the United Kingdom, and force them to do, or not to do, things outside the country.
In response, technology firms warned that the law could end electronic privacy in the UK, after which the government made a small concession to promise that nobody would be compelled to remove encryption of their services if it was not technically feasible. However, a definition of technological feasibility was not provided.
Posted by:SaM
Security experts say that any attempt to use such powers would be bound to introduce major security vulnerabilities, because banning encryption in order to get to the communications of a select few opens access to the communications of many, thus rendering all the Internet users less secure and their lives less private. The matter is that if the developers build a backdoor for the government, the hackers will eventually find a way to break through it as well.
It must also be said that in the initial draft of the new investigatory powers bill, there is only limitation to the government’s power to force the removal of encryption – it must consult with an advisory board with any specific obligation that is “reasonable” and “practicable”. Moreover, the technical capability notice can even be issued to individuals outside the United Kingdom, and force them to do, or not to do, things outside the country.
In response, technology firms warned that the law could end electronic privacy in the UK, after which the government made a small concession to promise that nobody would be compelled to remove encryption of their services if it was not technically feasible. However, a definition of technological feasibility was not provided.
Posted by:SaM
